The document describes the architecture of Docker containers. It discusses how Docker uses Linux kernel features like cgroups and namespaces to isolate processes and manage resources. It then explains the main components of Docker, including the Docker engine, images, containers, graph drivers, and the native execution driver which uses libcontainer to interface with the kernel.
Docker Architecture (v1.3)
1. Docker Architecture based on v 1.3
Compiled by Rajdeep Dua
Twitter: @rajdeepdua
Oct 2014
Tuesday, November 4, 14
2. Before we get started
• What is a Container?
  – Group of processes contained in an isolated environment
  – Isolation provided by concepts like cgroups and namespaces
• What is Docker?
  – Implementation of a container which is portable using a concept of image.
3. CGroup
• Limit, account, and isolate resource usage (CPU, memory, disk I/O, etc.) of process groups.
• Resource limiting: groups can be set to not exceed a set memory limit; this also includes file system cache.
• Prioritization: some groups may get a larger share of CPU or disk I/O throughput.
• Accounting: to measure how much resources certain systems use
• Control: freezing groups or checkpointing and restarting.
4. Namespace
• Partition essential kernel structures to create virtual environments
• Different Namespaces
  – pid (processes)
  – net (network interfaces, routing...)
  – ipc (System V IPC)
  – mnt (mount points, filesystems)
  – uts (hostname)
  – user (UIDs)
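An added example (not from the original slides): a small Go check a defender can run to see which of the namespaces listed above two processes actually share, by comparing the inode in each /proc/<pid>/ns link. The function names are chosen here for illustration, and it assumes a Linux /proc.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// nsTypes: the six namespaces from the slide, as named under /proc/<pid>/ns.
var nsTypes = []string{"pid", "net", "ipc", "mnt", "uts", "user"}

// ParseNsLink splits a link target such as "net:[4026531956]" into type and inode.
func ParseNsLink(target string) (string, uint64, error) {
	i := strings.Index(target, ":[")
	if i <= 0 || !strings.HasSuffix(target, "]") {
		return "", 0, fmt.Errorf("unexpected namespace link %q", target)
	}
	ino, err := strconv.ParseUint(target[i+2:len(target)-1], 10, 64)
	return target[:i], ino, err
}

// ReadNamespaces returns type -> inode for one pid; missing or unreadable entries are left out.
func ReadNamespaces(pid int) map[string]uint64 {
	out := map[string]uint64{}
	for _, t := range nsTypes {
		if link, err := os.Readlink(fmt.Sprintf("/proc/%d/ns/%s", pid, t)); err == nil {
			if typ, ino, err := ParseNsLink(link); err == nil {
				out[typ] = ino
			}
		}
	}
	return out
}

// SharedNamespaces lists the types where both processes have the same inode (no isolation).
func SharedNamespaces(a, b map[string]uint64) []string {
	shared := []string{}
	for _, t := range nsTypes {
		ib, inB := b[t]
		if ia, inA := a[t]; inA && inB && ia == ib {
			shared = append(shared, t)
		}
	}
	return shared
}

func main() { fmt.Println(SharedNamespaces(ReadNamespaces(1), ReadNamespaces(os.Getpid()))) }
```

Reading /proc/1/ns usually needs root; a container started with host networking would show "net" in the shared list when compared with a host process.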
5. Docker
• Manages Images and Container runtimes
• Supports multiple file system back-ends
• Multiple Execdrivers for container implementation
• Client and server components: interaction using HTTP over Unix sockets
7. Docker Engine
• Core of Docker: Store for Containers
• Manages containers using Jobs (similar to Unix jobs)
• Contains Handlers, functions which wrap Jobs
• All the actions are performed using Jobs
[Diagram: Engine, Handler, Job, with multiplicities n, 1, 1, 1]
8. Docker Initialization
1. Main function of Docker: docker.main()
2. Calls: mainDaemon()
3. Instantiate Engine
    eng := engine.New()
4. Register built-ins
    builtins.Register(eng)
5. Instantiate job
    job := eng.Job("initserver")
6. Set Env variables for the Job
9. Docker Initialization
5. Run the Job
    job.Run()
6. Start Accepting Connections
    eng.Job("AcceptConnections").Run()
10. Docker Initialization: 4
4. Register built-ins
    Instantiate daemon(eng)
    // see later slides for details
    eng.Register("initserver", server.InitServer)
    // see later slides for details
    eng.Register("init_networkdriver", bridge.InitDriver)
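The registration and run sequence from slides 7 to 10, as an added example: a simplified stand-in for the Engine, Handler and Job pattern, not Docker's own engine package. The type layout, the duplicate-registration check and the "Root" value are assumptions made for illustration.

```go
package main

import "fmt"

// Handler is the function bound to a job name; Job is one named invocation.
type Handler func(job *Job) error
type Job struct {
	Name    string
	Env     map[string]string
	handler Handler
}
type Engine struct{ handlers map[string]Handler }

func New() *Engine { return &Engine{handlers: map[string]Handler{}} }

// Register refuses to overwrite a binding, so "initserver" cannot be silently replaced.
func (e *Engine) Register(name string, h Handler) error {
	if _, exists := e.handlers[name]; exists {
		return fmt.Errorf("handler already registered for %q", name)
	}
	e.handlers[name] = h
	return nil
}

// Job looks the handler up at creation time; Run invokes it with the job.
func (e *Engine) Job(name string) *Job {
	return &Job{Name: name, Env: map[string]string{}, handler: e.handlers[name]}
}

func (j *Job) Run() error {
	if j.handler == nil {
		return fmt.Errorf("no handler registered for job %q", j.Name)
	}
	return j.handler(j)
}

// Boot replays the slide sequence: new engine, register, create job, set Env, run.
// It returns the Env value the handler saw.
func Boot() (string, error) {
	eng := New()
	seen := ""
	_ = eng.Register("initserver", func(j *Job) error { seen = j.Env["Root"]; return nil })
	job := eng.Job("initserver")
	job.Env["Root"] = "/var/lib/docker" // constructed sample value
	err := job.Run()
	return seen, err
}

func main() { fmt.Println(Boot()) }
```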
11. Daemon
• Main entry point for all the requests to manage containers
• Data structure which maintains the following references
  – ImageGraph
  – Volume Graph
  – Engine
  – ExecDriver
  – Server
  – ContainerStore
12. Daemon - Graph
• Graph is a (structure) store of versioned file systems and the relationships between images
• For each container a Graph is instantiated
• References a graphdriver.Driver
• Actions on a Graph
  – Create a new Graph
  – Get image from a Graph
  – Restores a Graph
  – Creates an Image and registers it in the Graph
  – Registers a pre-existing image on the Graph
13. Concept of Images and Containers in Docker
• Docker image is a Layer in the file system
• Containers are two Layers
  – Layer one is init layer based on Image
  – Layer two is the actual container content
[Diagram: Docker Container made up of Container Content, Init Layer and Image Content Layer]
14. Container in Docker
• Data structure which resides in-memory and is persisted in SQLite store
• References other components like
  – Daemon
  – Volumes
  – Has a lifecycle which is controlled by Daemon
  – Daemon has in-memory dictionary of containerIDs and containers
16. Graph Driver
• Referenced by the Daemon
• Used to abstract multiple storage backends
• Loads one of the following File System Backends
  – aufs
  – Device mapper (devmapper)
  – vfs
  – btrfs
17. Container store
• Persistent backend for Container data
• Implemented using SQLite
• Referenced from Daemon
    containerGraph: graph
• Used to load container information during Daemon restore
18. Volume Graph
• Simple vfs based Graph to keep track of container volumes
• Volumes use the volume driver in the Daemon to create and attach volumes to the container
• Each container is associated with one or more volumes
19. ExecDriver
• Abstraction for the underlying Linux Containment
• Called from the daemon
• Supports following implementations
  – LXC
  – Native
20. Driver Interfaces
• Abstract interface to interact with the underlying implementation.
    type Driver interface {
        Run(c *Command,..)
        Kill(c *Command)
        Pause(c *Command)
        Name()
        GetProcessIdsForContainer(id string)
        Terminate()
    }
21. Driver Interfaces - Networking
• Abstract interface to interact with the underlying implementation.
    type Network struct {
        Interface      *NetworkInterface
        Mtu            int
        ContainerID    string
        HostNetworking bool
    }
22. libcontainer
• Underlying native implementation of the Container
• Used by the native driver
• Container.config: representation of a container data
• Wrapper over cgroups and Namespaces